Suspicious
Suspect

2bebbf8027adbffeff9ca967a748db16

PE Executable | MD5: 2bebbf8027adbffeff9ca967a748db16 | Size: 760.84 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

High

Hash
Hash Value
MD5
2bebbf8027adbffeff9ca967a748db16
Sha1
c535bf79d6a9ec6214a2f185b4ff4277a4062249
Sha256
2fda9ad52229d9b5f8f479c2d5a795e143283f3a8565eee7af2cb6bd68285838
Sha384
fca64350384d3579ce97d799e6232fd397fd44baeb2cb1bddad7d8fe8abf80dbdc4046351c35bb4169313d81b1636457
Sha512
6e5bb971c5704c13b895dc5d8eddb5a1ce86d0dbc2b2e1abaa27235748692f3d2cac046f62e0a000b1dea917e19de354290bc8f031b5bccc60e615859aa43272
SSDeep
12288:e+waXmqp8MQSqzWEbBjrDyX/hDLuhjLUiAo0m3/u7GVbFOxvD2LiMbCR0znWyykR:e+wem88BBVNjKXUv0m3gGVhOxvD6iMb1
TLSH
CDF4F19D3B51B05EC863D7318DB0ED74A6343CA7A316C20795E71EAFB91D9968E002B3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
[Authenticode]_a32ace3a.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0.exif
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
Star_generator.Form1.resources
$this.Icon
[NBF]root.IconData
Moon
[NBF]root.Data
Star_generator.Properties.Resources.resources
KWSF
[NBF]root.Data
[NBF]root.Data-preview.png
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Info

Authenticode present at 0xB6600 size 13832 bytes

Module Name

Lomf.exe

Full Name

Lomf.exe

EntryPoint

System.Void Canada_Simulator.Program::Main()

Scope Name

Lomf.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Lomf

Assembly Version

3.9.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.5

Total Strings

254

Main Method

System.Void Canada_Simulator.Program::Main()

Main IL Instruction Count

31

Main IL

call System.Void Canada_Simulator.Program::‪‫‮‭‏​‫‮‬‎‌‫‪‬‎‭‌‮​‍‭‭‌‪‍‮() ldc.i4.0 <null> call System.Void Canada_Simulator.Program::‪‌‍‬​​​‪‭‮‫‪‎‍‍​‬‮‬‮‎‌‌‬‮‮(System.Boolean) newobj System.Void Star_generator.Form1::.ctor() call System.Void Canada_Simulator.Program::‏‮‎‫​‪‪‫‫‮‭‌‫‪‍​‍‏‪‭​‏‫‮(System.Windows.Forms.Form) ldc.i4 860078030 ldc.i4 1816289619 xor <null> dup <null> stloc.0 <null> ldc.i4.4 <null> rem.un <null> switch dnlib.DotNet.Emit.Instruction[] br.s IL_006D: ret newobj System.Void Canada_Simulator.Program::.ctor() call System.Void Canada_Simulator.Program::Menu() ldloc.0 <null> ldc.i4 874608136 mul <null> ldc.i4 1437606912 xor <null> br.s IL_001A: ldc.i4 1816289619 newobj System.Void Canada_Simulator.Program::.ctor() call System.Void Canada_Simulator.Program::FailSafe() ldloc.0 <null> ldc.i4 -2119065059 mul <null> ldc.i4 -2085158154 xor <null> br.s IL_001A: ldc.i4 1816289619 ret <null>

Characteristics
No malware configuration was found at this point.